Terraform module that helps you create a RDS instance.
Christophe van de Kerchove 51b68bcc2f
feat: (BREAKING) Create SG rule for client and rename variable
1 month ago

README.md

terraform-module-aws-rds

Terraform module that helps you create a RDS instance.

This module can create:

  • 1 RDS cluster with n RDS cluster instances OR 1 RDS DB instance (dynamically chosen depending on the engine)
  • 1 option group (if not an RDS cluster)
  • 1 parameter group / cluster parameter group (dynamically chosen depending on the engine)
  • 1 subnet group
  • 1 KMS key
  • 1 security group that allows security groups and/or CIDR ranges to access the database
  • Export of the RDS endpoint, RDS reader endpoint, RDS port, master username, master password, database name and character set name to SSM parameters. The master username and master password are stored as SecureString parameters, encrypted by a KMS key.

Limitations:

  • This module doesn't support RDS global cluster creation. There is an issue with deletion:
    error deleting RDS Cluster (nsu6suhxtftest-00001): InvalidDBClusterStateFault: This cluster is a part of a global cluster, please remove it from globalcluster first
  • No KMS key is created internally for Performance Insights. It must be given externally.
  • You can't specify the availability zone for an RDS cluster because the API has an issue: https://github.com/terraform-providers/terraform-provider-aws/issues/1111

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12 |
| aws | ~> 2.57 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 2.57 |
| random | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additionnal_security_group | Additional security groups to add to the DB. | list(string) | [] | no |
| allowed_cidrs | List of CIDRs that will be allowed to talk to the database. These should be the CIDRs of the “clients” accessing the RDS. | list(string) | [] | no |
| allowed_security_group_ids | List of security group IDs that will be allowed to talk to the database. These should be the security groups of the “clients” accessing the RDS. | list(string) | [] | no |
| allowed_security_group_ids_count | Number of security group IDs that are set in the allowed_security_group_ids variable. | number | 0 | no |
| apply_immediately | Specifies whether any database modifications are applied immediately, or during the next maintenance window. | bool | false | no |
| auto_minor_version_upgrade | Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. | bool | true | no |
| backtrack_window | The target backtrack window, in seconds. Only available for the aurora engine currently. To disable backtracking, set this value to 0. | number | 0 | no |
| backup_retention_period | The number of days to retain backups for. Default 1. | number | 1 | no |
| ca_cert_identifier | The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. Time in UTC. | string | null | no |
| cloudwatch_logs_exports | List of log types to export to CloudWatch. | list(string) | [] | no |
| copy_tags_to_snapshot | Copy all cluster tags to snapshots. Default is false. | bool | false | no |
| create_ssm_parameters | Create SSM parameters related to database information. | bool | false | no |
| database_identifier | The database identifier. | string | "" | no |
| database_name | Name for an automatically created database on cluster creation. | string | null | no |
| db_instance_allocated_storage | The allocated storage in gibibytes. | number | null | no |
| db_instance_allow_major_version_upgrade | Indicates that major version upgrades are allowed. | bool | false | no |
| db_instance_availability_zone | Availability zone for the instance. | string | null | no |
| db_instance_character_set_name | The character set name to use for DB encoding in Oracle instances. | string | null | no |
| db_instance_delete_automated_backups | Specifies whether to remove automated backups immediately after the DB instance is deleted. | bool | true | no |
| db_instance_domain | The ID of the Directory Service Active Directory domain to create the instance in. | string | null | no |
| db_instance_domain_iam_role_name | The name of the IAM role to be used when making API calls to the Directory Service. | string | null | no |
| db_instance_global_tags | Tags to be merged into all DB instances. | map(string) | {} | no |
| db_instance_instance_class | Instance class to use. | string | null | no |
| db_instance_iops | The amount of provisioned IOPS. Setting this implies a storage_type of “io1”. | number | null | no |
| db_instance_license_model | License model information for this DB instance. | string | null | no |
| db_instance_max_allocated_storage | When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. | number | null | no |
| db_instance_multi_az | Specifies if the RDS instance is multi-AZ. | bool | false | no |
| db_instance_performance_insights_retention_period | The amount of time in days to retain Performance Insights data. | number | null | no |
| db_instance_promotion_tiers | List of numbers for the failover priority setting at instance level. This is used for master election and load balancing in the cluster. | list(number) | null | no |
| db_instance_replicate_source_db | Specifies that this resource is a replica database, and to use this value as the source database. | string | null | no |
| db_instance_storage_type | One of “standard” (magnetic), “gp2” (general purpose SSD), or “io1” (provisioned IOPS SSD). | string | null | no |
| db_instance_tags | List of tags to be merged into each DB instance. | list(map(string)) | [] | no |
| db_instance_timezone | Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server. | string | null | no |
| db_subnet_group_name | The name of the DB subnet group. | string | null | no |
| db_subnet_group_subnet_ids | A list of VPC subnet IDs. | list(string) | [] | no |
| db_subnet_group_tags | Map of tags to be merged with the DB subnet group. | map(string) | {} | no |
| deletion_protection | If the DB instance should have deletion protection enabled. | bool | false | no |
| description | Description to be added on security_group, rds_parameter_group, kms_key and db_subnet_group. | string | null | no |
| enable | Whether or not to enable this module. | bool | true | no |
| enable_s3_import | Enable S3 import. | bool | false | no |
| engine | The name of the database engine to be used for this DB. | string | null | no |
| engine_mode | The database engine mode. | string | null | no |
| engine_version | The database engine version. | string | null | no |
| final_snapshot_identifier_prefix | The prefix name of your final DB snapshot when this DB cluster is deleted. This will be suffixed by a 5-digit random id managed by terraform. | string | null | no |
| iam_database_authentication_enabled | Specifies whether mappings of AWS Identity and Access Management (IAM) accounts to database accounts are enabled. | bool | false | no |
| kms_key_alias_name | Alias of the KMS key. | string | null | no |
| kms_key_create | Create a KMS key for the database. | bool | false | no |
| kms_key_create_alias | Create a KMS key alias for the database. | bool | false | no |
| kms_key_id | ID of the KMS key used for database encryption. | string | null | no |
| kms_key_name | Name of the KMS key if kms_key_create is set to true. | string | null | no |
| kms_key_policy_json | Policy of the KMS key. | string | null | no |
| kms_key_tags | Tags to be merged with all KMS key resources. | map(string) | {} | no |
| manage_client_security_group_rules | Whether or not to manage the security group rules for the client security group ids (allowed_security_group_ids). | bool | true | no |
| master_password | Password for the master DB user. | string | null | no |
| master_username | Username for the master DB user. | string | null | no |
| monitoring_interval | The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. | number | null | no |
| monitoring_role_arn | The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs. | string | null | no |
| num_suffix_digits | Number of significant digits to append to instance names. | number | 2 | no |
| option_group_engine_name | Specifies the name of the engine that this option group should be associated with. | string | null | no |
| option_group_major_engine_version | Specifies the major version of the engine that this option group should be associated with. | string | null | no |
| option_group_name | The name of the option group. | string | null | no |
| option_group_options | A list of maps of options to apply. Each map must support the following structure: option_name (required, string): the name of the option (e.g. MEMCACHED); port (optional, number): the port number when connecting to the option (e.g. 11211); version (optional, string): the version of the option (e.g. 13.1.0.0); db_security_group_memberships (optional, string): a list of DB security groups for which the option is enabled; vpc_security_group_memberships (optional, string): a list of VPC security groups for which the option is enabled; option_settings (required, list of map): a list of maps of option settings to apply, each with name (required, string): the name of the setting, and value (required, string): the value of the setting. For an example, see folder examples/db_instance_with_option_group. | any | [] | no |
| option_group_tags | Tags to be merged with the DB option group resource. | map(string) | {} | no |
| parameter_group_family | The family of the DB parameter group. | string | null | no |
| parameter_group_name | The name of the DB parameter group. | string | null | no |
| parameter_group_parameters | List of maps of parameters to add. apply_method can be immediate or pending-reboot. | list(object({ name = string, value = string, apply_method = string })) | [] | no |
| parameter_group_tags | Tags to be added to the parameter group. | map(string) | {} | no |
| performance_insights_enabled | Specifies whether Performance Insights is enabled or not. | bool | false | no |
| performance_insights_kms_key_id | The ARN for the KMS key to encrypt Performance Insights data. | string | null | no |
| port | The database port. | number | null | no |
| preferred_backup_window | The daily time range during which automated backups are created if automated backups are enabled. Time in UTC, e.g. 04:00-09:00. | string | null | no |
| preferred_maintenance_window | The weekly window to perform maintenance in. Time in UTC, e.g. wed:04:00-wed:04:30. | string | null | no |
| prefix | Prefix to be added to all resources, except SSM parameter keys. To prefix SSM parameter keys, see ssm_parameters_prefix. | string | "" | no |
| publicly_accessible | Bool to control if the instance is publicly accessible. | bool | false | no |
| rds_cluster_enable_http_endpoint | Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless. | bool | false | no |
| rds_cluster_enable_s3_import | Enable S3 import on RDS database creation. | bool | false | no |
| rds_cluster_enable_scaling_configuration | Enable scaling configuration. Only valid when engine_mode is set to serverless. | bool | false | no |
| rds_cluster_global_cluster_identifier | The global cluster identifier. | string | null | no |
| rds_cluster_iam_roles | A list of ARNs for the IAM roles to associate to the RDS cluster. | list(string) | [] | no |
| rds_cluster_identifier | The global cluster identifier. | string | "" | no |
| rds_cluster_replication_source_identifier | ARN of a source DB cluster or DB instance if this DB cluster is to be created as a read replica. | string | null | no |
| rds_cluster_scaling_configuration_auto_pause | Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). | string | null | no |
| rds_cluster_scaling_configuration_max_capacity | The maximum capacity. | number | null | no |
| rds_cluster_scaling_configuration_min_capacity | The minimum capacity. | number | null | no |
| rds_cluster_scaling_configuration_seconds_until_auto_pause | The time, in seconds, before an Aurora DB cluster in serverless mode is paused. | number | null | no |
| rds_cluster_scaling_configuration_timeout_action | The action to take when the timeout is reached. | string | null | no |
| rds_cluster_source_region | The source region for an encrypted replica DB. | string | null | no |
| rds_cluster_tags | Tags to be merged into the RDS cluster. | map(string) | {} | no |
| rds_instance_availability_zones | List of the EC2 Availability Zones that each DB instance is created in. | list(string) | [] | no |
| rds_instance_instance_classes | List of instance classes to use. | list(string) | [] | no |
| rds_instance_promotion_tiers | List of numbers for the failover priority setting at instance level. | list(number) | null | no |
| s3_import_bucket_name | The bucket name where your backup is stored. | string | null | no |
| s3_import_bucket_prefix | Path to your backup; can be blank. | string | null | no |
| s3_import_ingestion_role | Role applied to load the data. | string | null | no |
| s3_import_source_engine | Source engine for the backup. | string | null | no |
| s3_import_source_engine_version | Version of the source engine for the backup. | string | null | no |
| security_group_name | Name of the security group. | string | "" | no |
| security_group_tags | Tags to be merged into the security group. | map(string) | {} | no |
| security_group_vpc_id | ID of the VPC. | string | null | no |
| skip_final_snapshot | Determines whether a final DB snapshot is created before the DB cluster is deleted. | bool | true | no |
| snapshot_identifier | The name of your final DB snapshot when this DB cluster is deleted. | string | null | no |
| ssm_parameters_character_set_name_description | Description of the character set name SSM parameter. | string | "Character set name of the database" | no |
| ssm_parameters_character_set_name_key_name | Name of the character set name SSM parameter key. | string | "characterSetName" | no |
| ssm_parameters_database_name_description | Description of the database name SSM parameter. | string | "Database name created by AWS" | no |
| ssm_parameters_database_name_key_name | Name of the database name SSM parameter key. | string | "databaseName" | no |
| ssm_parameters_endpoint_description | Description of the endpoint SSM parameter. | string | "DNS address of the database" | no |
| ssm_parameters_endpoint_key_name | Name of the endpoint SSM parameter key. | string | "endpoint" | no |
| ssm_parameters_endpoint_reader_description | Description of the endpoint reader SSM parameter. | string | "DNS address of the read only RDS cluser" | no |
| ssm_parameters_endpoint_reader_key_name | Name of the endpoint reader SSM parameter key. | string | "endpointReader" | no |
| ssm_parameters_export_character_set_name | Export the character set name in an SSM parameter. If no character set name is provisioned, the SSM parameter value will be «N/A». | bool | true | no |
| ssm_parameters_export_database_name | Export the database name in an SSM parameter. If no database name is provisioned, the SSM parameter value will be «N/A». | bool | true | no |
| ssm_parameters_export_endpoint | Export the endpoint name in an SSM parameter. | bool | true | no |
| ssm_parameters_export_endpoint_reader | Export the endpoint reader name in an SSM parameter. If the provisioned engine isn't aurora, the SSM parameter value will be «N/A». | bool | true | no |
| ssm_parameters_export_master_password | Export the master password in a secure SSM parameter. | bool | true | no |
| ssm_parameters_export_master_username | Export the master username in a secure SSM parameter. | bool | true | no |
| ssm_parameters_export_port | Export the database port in an SSM parameter. | bool | true | no |
| ssm_parameters_iam_policy_create | Create IAM policies for SSM parameters and KMS key access. | bool | false | no |
| ssm_parameters_iam_policy_name_prefix_read_only | Name of the SSM parameters IAM read-only policy. | string | "" | no |
| ssm_parameters_iam_policy_name_prefix_read_write | Name of the SSM parameters IAM read-write policy. | string | "" | no |
| ssm_parameters_iam_policy_path | Path of the SSM parameters IAM policies. | string | null | no |
| ssm_parameters_kms_key_alias_name | Name of the KMS key alias. | string | "" | no |
| ssm_parameters_kms_key_create | Create a KMS key for SSM parameters. | bool | false | no |
| ssm_parameters_kms_key_id | ID of the KMS key to use when the ssm_parameters_kms_key_create, ssm_parameters_use_database_kms_key and ssm_parameters_use_default_kms_key toggles are all disabled. | bool | false | no |
| ssm_parameters_kms_key_name | Name of the KMS key. | string | "" | no |
| ssm_parameters_kms_key_tags | Tags to be merged with all SSM parameters KMS key resources. | map(string) | {} | no |
| ssm_parameters_master_password_description | Description of the master password SSM parameter. | string | "Master password of the database" | no |
| ssm_parameters_master_password_key_name | Name of the master password SSM parameter key. | string | "masterPassword" | no |
| ssm_parameters_master_username_description | Description of the master username SSM parameter. | string | "Master username of the database" | no |
| ssm_parameters_master_username_key_name | Name of the master username SSM parameter key. | string | "masterUsername" | no |
| ssm_parameters_port_description | Description of the database port SSM parameter. | string | "Port of the database" | no |
| ssm_parameters_port_key_name | Name of the database port SSM parameter key. | string | "databasePort" | no |
| ssm_parameters_prefix | Prefix to be added to all SSM parameter keys. Cannot start with «/». | string | "" | no |
| ssm_parameters_tags | Tags to be merged with all SSM parameters resources. | map(string) | {} | no |
| ssm_parameters_use_database_kms_key | Use the same KMS key as for the database. | bool | false | no |
| ssm_parameters_use_default_kms_key | Use the default AWS KMS key. | bool | false | no |
| tags | Tags to be merged with all resources of this module. | map(string) | {} | no |
| use_default_kms_key | Use the default KMS key to encrypt DBs. | bool | true | no |
| use_num_suffix | Always append a numerical suffix to all resources. | bool | true | no |
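The root module below is an added usage example, not a file from this repository's examples folder. It wires the security-relevant inputs from the table above for a single PostgreSQL instance: a customer-managed KMS key instead of the AWS default key, a security group that admits only one client security group (no CIDR rules), no public endpoint, deletion protection with a final snapshot, and SSM parameters whose SecureString credentials are encrypted with the database key. The module source path, the VPC, subnet and client security group IDs, the master password variable, and the assumption that engine "postgres" makes the module create a DB instance rather than a cluster are all assumptions of the example.

```hcl
# Added usage example; not part of the module's own examples folder.
# Assumed: the module lives at ./, and the IDs and the master password
# below are supplied from outside this file (never committed to source).
variable "master_password" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "app_security_group_id" { type = string }

module "orders_db" {
  source = "./" # assumed path to this module

  prefix              = "prod"
  database_identifier = "orders"
  database_name       = "orders"
  engine              = "postgres" # assumed to yield a DB instance, not a cluster
  engine_version      = "12.4"
  port                = 5432

  db_instance_instance_class    = "db.t3.medium"
  db_instance_allocated_storage = 20
  db_instance_storage_type      = "gp2"
  db_instance_multi_az          = true

  # Network exposure: private subnets, no public endpoint, and ingress only
  # from the application's security group (allowed_cidrs stays empty).
  # allowed_security_group_ids_count must equal the length of the list.
  security_group_vpc_id              = var.vpc_id
  db_subnet_group_subnet_ids         = var.private_subnet_ids
  publicly_accessible                = false
  allowed_security_group_ids         = [var.app_security_group_id]
  allowed_security_group_ids_count   = 1
  manage_client_security_group_rules = true

  # Encryption at rest with a customer-managed key instead of the default key.
  use_default_kms_key = false
  kms_key_create      = true
  kms_key_name        = "orders-db"

  # Credentials, auditing and durability.
  master_username                     = "orders_admin"
  master_password                     = var.master_password
  iam_database_authentication_enabled = true
  cloudwatch_logs_exports             = ["postgresql", "upgrade"]
  backup_retention_period             = 7
  deletion_protection                 = true
  skip_final_snapshot                 = false
  final_snapshot_identifier_prefix    = "orders-final"

  # Publish connection details to SSM; the master username and password
  # become SecureString parameters encrypted with the database KMS key.
  create_ssm_parameters               = true
  ssm_parameters_prefix               = "prod/orders"
  ssm_parameters_use_database_kms_key = true
  ssm_parameters_iam_policy_create    = true
}
```

Because ssm_parameters_iam_policy_create is set, consumers can be granted the module's read-only policy output rather than a broad ssm:GetParameter grant, and the KMS key policy limits who can decrypt the credentials.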

Outputs

Name Description
availability_zones n/a
backup_retention_period n/a
database_name n/a
db_instance_allocated_storage n/a
db_instance_character_set_name n/a
db_instance_domain n/a
db_instance_domain_iam_role_name n/a
db_instance_multi_az n/a
db_subnet_group_arn n/a
db_subnet_group_id n/a
endpoint n/a
engine n/a
engine_version n/a
hosted_zone_id n/a
instance_arns n/a
instance_ids n/a
kms_key_alias_arn n/a
kms_key_alias_target_key_arn n/a
kms_key_arn n/a
kms_key_id n/a
maintenance_window n/a
master_username n/a
option_group_arn n/a
option_group_id n/a
parameter_group_arn n/a
parameter_group_id n/a
port n/a
preferred_backup_window n/a
rds_cluster_arn n/a
rds_cluster_availability_zones n/a
rds_cluster_cluster_identifier n/a
rds_cluster_cluster_members n/a
rds_cluster_id n/a
rds_cluster_instance_cluster_identifiers n/a
rds_cluster_instance_dbi_resource_ids n/a
rds_cluster_instance_endpoints n/a
rds_cluster_instance_engine_versions n/a
rds_cluster_instance_engines n/a
rds_cluster_instance_identifiers n/a
rds_cluster_instance_kms_key_ids n/a
rds_cluster_instance_performance_insights_enableds n/a
rds_cluster_instance_performance_insights_kms_key_ids n/a
rds_cluster_instance_ports n/a
rds_cluster_instance_storage_encrypteds n/a
rds_cluster_instance_writers n/a
rds_cluster_reader_endpoint n/a
rds_cluster_replication_source_identifier n/a
rds_cluster_storage_encrypted n/a
resource_id n/a
security_group_arn n/a
security_group_description n/a
security_group_egress n/a
security_group_id n/a
security_group_ingress n/a
security_group_name n/a
security_group_owner_id n/a
security_group_vpc_id n/a
ssm_parameters_arns n/a
ssm_parameters_iam_policy_read_only_arn n/a
ssm_parameters_iam_policy_read_only_description n/a
ssm_parameters_iam_policy_read_only_id n/a
ssm_parameters_iam_policy_read_only_name n/a
ssm_parameters_iam_policy_read_only_path n/a
ssm_parameters_iam_policy_read_only_policy n/a
ssm_parameters_iam_policy_read_write_arn n/a
ssm_parameters_iam_policy_read_write_description n/a
ssm_parameters_iam_policy_read_write_id n/a
ssm_parameters_iam_policy_read_write_name n/a
ssm_parameters_iam_policy_read_write_path n/a
ssm_parameters_iam_policy_read_write_policy n/a
ssm_parameters_kms_alias_arn n/a
ssm_parameters_kms_alias_target_key_arn n/a
ssm_parameters_kms_key_arn n/a
ssm_parameters_kms_key_id n/a
ssm_parameters_names n/a
ssm_parameters_types n/a
ssm_parameters_versions n/a